← Back to Skills Marketplace
326
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install clawhub-skill-test-api
Description
泛微 E10 系统 API 调用工具,支持流程创建、待办查询、审批提交、流程退回等操作。使用 OAuth2.0 认证,自动管理 token 刷新。
README (SKILL.md)
泛微 E10 API 调用 Skill
功能列表
| 功能 | 命令 | 说明 |
|---|---|---|
| 获取 Token | weaver-e10 auth |
获取/刷新 access_token |
| 创建流程 | weaver-e10 create |
发起新的审批流程 |
| 查询待办 | weaver-e10 todos |
获取用户待办列表 |
| 提交审批 | weaver-e10 approve |
提交/同意流程 |
| 退回流程 | weaver-e10 reject |
退回审批流程 |
| 查询流程 | weaver-e10 get |
获取流程详情 |
环境变量配置
在 /ollama/workspace/.env/weaver-e10.env 中配置:
# 泛微 E10 API 配置
# ⚠️ 请替换为你自己的实际值,不要使用示例中的占位符
WEAVER_API_BASE=http://your-weaver-server:port
WEAVER_APP_KEY=your_app_key_here
WEAVER_APP_SECRET=your_app_secret_here
WEAVER_CORPID=your_corpid_here
🔒 安全警告
-
凭证保管:
.env/weaver-e10.env文件包含敏感凭证,请:- 不要提交到 Git 等版本控制系统
- 设置文件权限:
chmod 600 .env/weaver-e10.env - 不要通过聊天工具、邮件等方式明文传输
-
Token 缓存:Token 缓存在
~/.weaver-e10/token.json,请:- 确保家目录权限安全
- 定期清理过期 token
- 不要在共享主机上使用
-
网络隔离:建议在内部网络使用,避免暴露在公网
使用示例
1. 获取 Token(自动)
# 首次获取
weaver-e10 auth
# 输出
{
"access_token": "xxx",
"expires_in": 7200,
"refresh_token": "xxx"
}
2. 创建流程
weaver-e10 create \
--userid 731942425541656576 \
--workflow-id 5955363498899145211 \
--title "请假申请" \
--form-data '{"dataDetails": [{"fieldId": "123", "content": "张三"}]}' \
--next-flow
3. 查询待办
weaver-e10 todos --userid 731942425541656576 --page 1 --size 20
4. 提交审批
weaver-e10 approve \
--userid 731942425541656576 \
--request-id 848951654078865410 \
--remark "同意"
5. 退回流程
weaver-e10 reject \
--userid 731942425541656576 \
--request-id 848951654078865410 \
--reject-type 1 \
--remark "资料不全,请补充"
认证流程
1. 调用 /oauth2/authorize 获取 code(10 分钟有效)
2. 调用 /oauth2/access_token 用 code 换 token(2 小时有效)
3. token 过期后自动用 refresh_token 刷新(24 小时有效)
4. refresh_token 过期后重新授权
错误码
| 错误码 | 说明 |
|---|---|
| 0 | 成功 |
| 40001 | token 无效或过期 |
| 40002 | 权限不足 |
| 40003 | 参数错误 |
| 50000 | 系统错误 |
注意事项
- Token 管理:token 自动缓存到
~/.weaver-e10/token.json - 自动刷新:token 过期前 5 分钟自动刷新
- 表单数据:formData 必须是合法 JSON
- 人员 ID:userid 必须是泛微系统中的用户 ID
文件结构
weaver-e10-api/
├── SKILL.md # 本文档
├── _meta.json # 元数据
├── scripts/
│ ├── weaver-e10.py # 主程序
│ └── auth.py # 认证模块
└── examples/
├── create_request.json
└── approve_request.json
Usage Guidance
This skill's code appears to implement the Weaver E10 API client described, but the package metadata does not declare the environment variables or config paths the code actually needs. Before installing or supplying credentials: 1) Inspect the full script (weaver-e10.py) yourself to confirm no hidden endpoints or unexpected network calls; 2) Do not place production credentials into a shared or public workspace path — prefer a secure location and verify the code reads the path you expect (it currently uses /ollama/workspace/.env/weaver-e10.env); 3) Confirm the token cache location (~/.weaver-e10/token.json) is acceptable and protected (chmod 600); 4) Ask the publisher why SKILL.md references an auth.py that is not in the manifest and update metadata to list required env vars; 5) Only point WEAVER_API_BASE to an internal, trusted E10 server. These inconsistencies look like sloppy packaging rather than an obvious backdoor, but verify before giving this skill access to sensitive credentials.
Capability Analysis
Type: OpenClaw Skill
Name: clawhub-skill-weaver-e10-api
Version: 0.1.1
The skill is a legitimate integration for the Weaver E10 enterprise system API, providing tools for workflow management, approvals, and task queries. The implementation in `scripts/weaver-e10.py` follows standard OAuth2 authentication patterns, managing credentials via a local environment file and caching tokens in the user's home directory. No evidence of malicious intent, data exfiltration, or prompt injection was found; the code uses safe practices for API interaction and includes appropriate security warnings for credential management in `SKILL.md`.
Capability Assessment
Purpose & Capability
The skill's name/description match the code: it is an OAuth2 client for 泛微 E10 that creates workflows, queries todos, approves/rejects requests. However the registry metadata declares no required environment variables or config paths while the runtime code requires WEAVER_API_BASE, WEAVER_APP_KEY, WEAVER_APP_SECRET, WEAVER_CORPID and reads a specific env file path. This mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md instructs the user to store credentials in /ollama/workspace/.env/weaver-e10.env and documents token caching at ~/.weaver-e10/token.json. The runtime code indeed reads that exact workspace .env path and writes a token cache to the user's home. The instructions therefore cause the agent to read/write files on disk (workspace .env and home token file) — these actions are within the declared functional scope but they were not declared in the registry metadata, and the SKILL.md references an auth.py module that is not present in the file manifest, which is an inconsistency.
Install Mechanism
There is no install spec (instruction-only install), which is low risk. The package does include a Python script (scripts/weaver-e10.py) that will be executed by the user/agent; nothing is downloaded from third-party URLs and no install-time arbitrary downloads are present.
Credentials
The code requires four service-specific environment variables (WEAVER_API_BASE, WEAVER_APP_KEY, WEAVER_APP_SECRET, WEAVER_CORPID) and reads a workspace .env file, but the registry metadata lists no required env vars or config paths. That omission is a mismatch and increases risk because users may not realize sensitive credentials are needed or exactly where they will be read from/written to (token cache in home).
Persistence & Privilege
The skill is not configured as always:true and does not request system-wide privileges. It writes its own token cache (~/.weaver-e10/token.json) and reads the specified .env file; it does not modify other skills or global agent config. Autonomous invocation is allowed (platform default) but is not coupled with unusually broad privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawhub-skill-test-api - After installation, invoke the skill by name or use
/clawhub-skill-test-api - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
No changes detected in this version.
- Version 0.1.1 released with no updates to documentation or code.
v0.1.0
Initial release of weaver-e10-api: 泛微 E10 系统 API 调用工具
- 支持流程创建、待办查询、审批提交、流程退回等常用操作
- 使用 OAuth2.0 认证,自动管理 access_token 和 refresh_token
- 提供详细环境变量配置与安全说明
- 内附命令行使用示例与错误码说明
- Token 自动缓存与自动刷新,提升使用安全性和便捷性
Metadata
Frequently Asked Questions
What is Weaver E10 Api?
泛微 E10 系统 API 调用工具,支持流程创建、待办查询、审批提交、流程退回等操作。使用 OAuth2.0 认证,自动管理 token 刷新。 It is an AI Agent Skill for Claude Code / OpenClaw, with 326 downloads so far.
How do I install Weaver E10 Api?
Run "/install clawhub-skill-test-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Weaver E10 Api free?
Yes, Weaver E10 Api is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Weaver E10 Api support?
Weaver E10 Api is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Weaver E10 Api?
It is built and maintained by 老练的小四 (@xfnet); the current version is v0.1.1.
More Skills